Thursday, October 12, 2017

CISSP Domain 1 - Security Concepts

CIA

Confidentiality - prevent unauthorized disclosure, need to know and least privilege.
Assurance that information is not disclosed to unauthorized programs, users, or processes; supported by encryption and logical and physical access control.

Integrity - No unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion

Availability - Reliable and timely, accessible, fault tolerance and recovery procedures

DAD

Disclosure, Alteration, and Destruction

IAAA

Requirements for Accountability

Identification - User claims identity, used for user access control
Authentication - Testing of evidence of user's identity
Accountability - Trace actions to an individual person
Authorization - Rights and permissions granted

Privacy - Level of confidentiality and privacy protections

Source material: Sunflower CISSP Guide Version 2.0 (2017) by Maarten de Frankrijker
